Written by Lam Nha Truc and Daria Stepovaya (Edited by Jenna Fung)
On 27th January 2022, a session about Cybersecurity, Privacy & Safer Internet was held online. The session first began with a presentation on the topic delivered by Group 4. The group briefly explained what Cybersecurity and Privacy are and why it is important. They then explain two cases to study.
In this training session, the presentation was delivered by Lauren Lin and Qurra Tul Ain Nisar. The first part of the presentation was delivered by Lauren Lin. She gave a brief definition of cybersecurity and Types of cybersecurity, types of most reported cybercrimes as well. After that, she explained the case study: 168 %, increase in cyberattacks in 2021. Ransomes and Remote Access Trojans. It includes 3 types of incident trends: Leak and Shame tactics, Ransomware-as-a-Service (RaaS). Remarkably, Ransomware attacks exceeded 20 mill $. After that, he presented the top 4 countries that have seen the largest increase in cyberattacks: Japan, Malaysia, Singapore, and Indonesia. Japan is the least country that can stop attacks. Large and mid-corporates target ~45% of the people of Japan feeling threatened by attacks. After that, she presented the differentiated impacts of cyber Incidents on the basis of gender, which are Internet shutdowns, data breaches, and misinformation.
The second part of the presentation was delivered by Qurra Tul Ain Nisar. In this part, she gave an overview of privacy in the cyber world – PII Non-P11 and covered several topics, such as communication, personal Information, and territory. She also highlighted a case study about privacy – Robert Geeve in his tweet says “I’m back from a week at my mom’s house, and now I’m getting ads for her toothpaste brand, the brand I’ve been putting in my mouth for a week. We never talked about this brand or googled it or anything like that.”. Apps collect data from your phone. Apps use GPS to track people You are regularly in contact with. Data aggregators pay to pull in data from everywhere. They match our purchases to our Twitter account as we give both of them our email address and phone no. and we agree to all that data-sharing when we accept terms of service and privacy policy. They know Robert’s mom’s toothpaste. Not only that, but they know he was at his mom’s. They know his Twitter. Now he’s getting Twitter ads for his mom’s toothpaste. Your data isn’t just about you. It’s about how it can be used against every person you know, and people you don’t. To shape behavior unconsciously. She then presented six ways to“How to stay safe online”.
After the group presentation session, Maryam Lee, the guest speaker, shared the point of connecting cybersecurity with our daily life. There is no need to be a cybersecurity specialist to care about cybersecurity because users ultimately start to care more when they start using cyberspace. She mentioned her concern towards future data and stated that what is crucial now is to figure out how to secure the future data that’s about to be created. Data itself is not the problem. Data collection itself is not the problem. The problem is *how the data will be used*. She also stated that data is neutral, so it’s how and what we decide to use data is that will determine the impact to users. For example, we do not want our data to be used for targeted advertising. But, we can allow it to be used in A, B, and C ways. We need to start defining that ABC and set up clear limitations for the usage of our data by industry. She was encouraged to think of how the data is going to be used. The first critical step is taxonomy. At last, she also talked about trust in cyberspace. It might be easy to trust for the first time, but once it’s broken; it can take a very long time to recover. Meanwhile, our second guest speaker, Prateek Waghre told the attendees that the contents need to cover more topics: States, information infrastructure, and society and also find the connection among those fields. It is essential to think about the harms that the solutions may bring. He also advised us to classify the problems related to the Internet, particularly for companies, as one law can’t fix it. Finally, he gave a definition of Digital Communication Networks (DCNs) and ways to approach them.
Following up with this session, the attendees were divided into two groups in order to discuss the following sessions:
- What should APAC countries do in order to prevent or anticipate cyberattacks?
- What can be the core values for a safer Internet in your view?
- If our phones are “listening” to us for tracking purposes, what should we do as Internet users?
- What can be the boundary of privacy in the cyber world? Or does it have a specific borderline? Please share your opinions.
The breakout group discussion was facilitated by Lauren Lin. Speaker, Prateek Waghre and guest, Edmon Chung, joined the session. In this breakout room, the attendees shared their own interpretations of how to prevent or anticipate cyberattacks, particularly in APAC countries. Prateek pointed out that we don’t live in a totally cybersecurity-free society/ think of what you want to protect, what you want to achieve. Other attendees also highlighted that civil society collaboration and capacity need to be maintained. APAC countries should hold hands and form independent authorities, consensus, law, and other intergovernmental regulations that are responsible for cyberattacks in the whole region.
In response to question 2, one of the attendees mentioned classifying issues of cyberattacks, taxation, or the limit of the freedom of being online. Another attendee stated that there are also ways to protect ourselves when being online: be careful; able to express ourselves; data integration; infrastructure maintenance. She also commented that we need to figure out how the data will be collected and then imagine the way we use that data effectively. For the third question, our guest, Edmon Chung mentioned a case: those who are in vulnerable places like Myanmar – or civil society – can put their phones in a bag and an mp3 player to play music during a meeting for activists; it is usually the first in a line of defense. One attendee also emphasized checking cookies on the web to check if there are any warnings and be careful when sharing personal information. And, the core value of a safer internet is actually taking accountability and responsibility for how we use the Internet. Regarding the final question, Edmon Chung also stated that there is always a boundary for privacy to prevent criminals.
The second breakout room was facilitated by Daria Srepovaya. Speakers, Maryam Lee and guest, Jean F. Queralt, joined the session. In response to the first question, Jean F. Queralt stated that he’d make the case that there’s a line to be traced between “Users” (as known as citizens) and experts (engineers, devs, etc.). He pointed out that the responsibilities should be clearly defined. The role of users/citizens has to be as responsible users. The role of experts is to make sure things are built safely, which is called Rights by design.
In response to question 2, Omar stated that respect should be the core value. He included that respecting people we meet online is just like we’re taught to respect people in real life. And the way media persons mostly highlight controversial issues and try to harm their reputation should be avoided. The government shouldn’t control the use of the Internet.
All data should be private. All data is sensitive and vulnerable. The key is who can access the data.
Maryam Le pointed out – “You are only as strong as your weakest link” and “There is no such thing as an unpickable lock”. Jean stated that Privacy is not the only Right you would want to observe, and all those Rights should be embedded in the tech at the design level.
In a discussion about the fourth question, participants agreed that governments come up with national security excuses to justify spying and surveillance. The best one can do in this case is to make it clear as much as possible. If the government asks to look into your messages, then that’s a problem. The limitations should be made clear as to what extent our data is being collected by the government for our protection.